Validate encoder buffer writes for single token partition

author Attila Nagy <attilanagy@google.com>

Wed, 9 Nov 2011 12:44:31 +0000 (14:44 +0200)

committer Attila Nagy <attilanagy@google.com>

Fri, 18 Nov 2011 10:49:27 +0000 (12:49 +0200)
author Attila Nagy <attilanagy@google.com>
Wed, 9 Nov 2011 12:44:31 +0000 (14:44 +0200)
committer Attila Nagy <attilanagy@google.com>
Fri, 18 Nov 2011 10:49:27 +0000 (12:49 +0200)
diff --git a/vp8/encoder/bitstream.c b/vp8/encoder/bitstream.c

index 748b607..e02eaa5 100644 (file)
--- a/vp8/encoder/bitstream.c
+++ b/vp8/encoder/bitstream.c
@@ -221,6 +221,11 @@ static void pack_tokens_c(vp8_writer *w, const TOKENEXTRA *p, int xcount)
                      w->buffer[x] += 1;
                  }
  
+                validate_buffer(w->buffer + w->pos,
+                                1,
+                                w->buffer_end,
+                                w->error);
+
                  w->buffer[w->pos++] = (lowvalue >> (24 - offset));
                  lowvalue <<= offset;
                  shift = count;
@@ -281,6 +286,11 @@ static void pack_tokens_c(vp8_writer *w, const TOKENEXTRA *p, int xcount)
                              w->buffer[x] += 1;
                          }
  
+                        validate_buffer(w->buffer + w->pos,
+                                        1,
+                                        w->buffer_end,
+                                        w->error);
+
                          w->buffer[w->pos++] = (lowvalue >> (24 - offset));
                          lowvalue <<= offset;
                          shift = count;
@@ -329,6 +339,12 @@ static void pack_tokens_c(vp8_writer *w, const TOKENEXTRA *p, int xcount)
                  if (!++count)
                  {
                      count = -8;
+
+                    validate_buffer(w->buffer + w->pos,
+                                    1,
+                                    w->buffer_end,
+                                    w->error);
+
                      w->buffer[w->pos++] = (lowvalue >> 24);
                      lowvalue &= 0xffffff;
                  }
@@ -664,6 +680,11 @@ static void pack_mb_row_tokens_c(VP8_COMP *cpi, vp8_writer *w)
                          w->buffer[x] += 1;
                      }
  
+                    validate_buffer(w->buffer + w->pos,
+                                    1,
+                                    w->buffer_end,
+                                    w->error);
+
                      w->buffer[w->pos++] = (lowvalue >> (24 - offset));
                      lowvalue <<= offset;
                      shift = count;
@@ -724,6 +745,11 @@ static void pack_mb_row_tokens_c(VP8_COMP *cpi, vp8_writer *w)
                                  w->buffer[x] += 1;
                              }
  
+                            validate_buffer(w->buffer + w->pos,
+                                            1,
+                                            w->buffer_end,
+                                            w->error);
+
                              w->buffer[w->pos++] = (lowvalue >> (24 - offset));
                              lowvalue <<= offset;
                              shift = count;
@@ -770,6 +796,12 @@ static void pack_mb_row_tokens_c(VP8_COMP *cpi, vp8_writer *w)
                      if (!++count)
                      {
                          count = -8;
+
+                        validate_buffer(w->buffer + w->pos,
+                                        1,
+                                        w->buffer_end,
+                                        w->error);
+
                          w->buffer[w->pos++] = (lowvalue >> 24);
                          lowvalue &= 0xffffff;
                      }
@@ -1566,6 +1598,9 @@ void vp8_pack_bitstream(VP8_COMP *cpi, unsigned char *dest, unsigned char * dest
  
      mb_feature_data_bits = vp8_mb_feature_data_bits;
  
+    cpi->bc.error = &pc->error;
+    cpi->bc2.error = &pc->error;
+
      validate_buffer(cx_data, 3, cx_data_end, &cpi->common.error);
      cx_data += 3;
  
diff --git a/vp8/encoder/onyx_if.c b/vp8/encoder/onyx_if.c

index 6a51cda..50278fe 100644 (file)
--- a/vp8/encoder/onyx_if.c
+++ b/vp8/encoder/onyx_if.c
@@ -4940,7 +4940,7 @@ int vp8_get_compressed_data(VP8_PTR ptr, unsigned int *frame_flags, unsigned lon
      int64_t store_reg[8];
  #endif
      VP8_COMP *cpi = (VP8_COMP *) ptr;
-    VP8_COMMON *cm = &cpi->common;
+    VP8_COMMON *cm;
      struct vpx_usec_timer  tsctimer;
      struct vpx_usec_timer  ticktimer;
      struct vpx_usec_timer  cmptimer;
@@ -4949,12 +4949,14 @@ int vp8_get_compressed_data(VP8_PTR ptr, unsigned int *frame_flags, unsigned lon
      if (!cpi)
          return -1;
  
-    if (setjmp(cpi->common.error.jmp)){
+    cm = &cpi->common;
+
+    if (setjmp(cpi->common.error.jmp))
+    {
          cpi->common.error.setjmp = 0;
          return VPX_CODEC_CORRUPT_FRAME;
      }
  
-    cpi->bc.error = &cpi->common.error;
      cpi->common.error.setjmp = 1;
  
  #if HAVE_ARMV7
author	Attila Nagy <attilanagy@google.com>
	Wed, 9 Nov 2011 12:44:31 +0000 (14:44 +0200)
committer	Attila Nagy <attilanagy@google.com>
	Fri, 18 Nov 2011 10:49:27 +0000 (12:49 +0200)
vp8/encoder/bitstream.c		patch \| blob \| history
vp8/encoder/onyx_if.c		patch \| blob \| history